Are You Drifting Toward Disaster? How to Detect and Prevent the Configuration Drift Exposing Your Organization to Risk

Posted by on March 06, 2018

Are You Drifting Toward Disaster? How to Detect and Prevent the Configuration Drift Exposing Your Organization to Risk

Can a fragile little butterfly put your enterprise IT organization at risk? In a figurative sense, yes.

According to the chaos theory, a very small change—such as the single flap of a butterfly’s wings—can spur massive and negative consequences. Atmospheric disturbances that begin with a butterfly flitting about in Brazil, for example, might ultimately result in a tornado in Texas.

Whether or not you buy in to the theory, the concept of the butterfly effect certainly applies to your IT organization. The equivalent has occurred countless times in your organization. It’s probably happening right now.

The Insidious Inevitability of Configuration Drift

Every IT organization experiences configuration drift. In your organization, it’s likely that multiple examples occur every day. And every single occurrence could be likened to a butterfly-effect-like incident that might ultimately lead to disaster.

Configuration drift occurs when changes—even very small ones—are made to hardware or software infrastructures. For the sake of discussion, let’s imagine that your IT organization achieves a state of perfect symbiosis. All components of the IT organization, including users, are configured to interact in a manner that minimizes your exposure to cybersecurity threats.

But then, inevitably, something changes. Maybe it's a simple code update. Perhaps a change to a user’s permissions. Possibly a version upgrade to a SaaS tool. The possible changes are countless, and they’re likely to occur multiple times on a daily basis.

Each change is potentially that flap of the butterfly’s wing; the first falling domino. As the impact of the change ripples throughout the organization, the results may be minor or they may be catastrophic. But, with certainty, the unified configuration of your organization has drifted away from perfection.

Many of the changes that can lead to configuration drift are necessary and unavoidable. That’s why it’s so important to be able to monitor your organization for indications of configuration drift.

You Need a Canary in Your Coal Mine

Just as canaries once warned coal miners of an influx of deadly carbon monoxide gas, every IT organization should maintain a warning system for configuration drift. When any change occurs that could lead to trouble, the warning system should alert IT management to the danger.

Tripwire Enterprise provides that early warning system. In today’s world of wildly escalating cybersecurity threats, the defense against configuration drift provided by Tripwire is an invaluable resource. Tripwire Enterprise provides:

  • Real-Time Change Intelligence: Tripwire detects and evaluates changes and prioritizes security risks. Tripwire’s file integrity monitoring offers the ability to detect changes to integrity within:
    • Files
    • Directories
    • Registries
    • Configuration parameters
    • DLLs
    • Ports
    • Services
    • Protocols
  • System Hardening and Compliance Enforcement: Reduces risk by shrinking your attack surface, and reduces audit preparation time and cost. Provides audit-ready reporting and proof-of-compliance capability.
  • Security Automation and Remediation: Automates your ability to detect and repair non-compliant systems. Enables the automation of workflows, and streamlines investigations and root-cause analysis.

Perhaps most importantly, Tripwire helps you efficiently focus your limited resources in prioritizing your defenses against the most dangerous risks.

Tripwire Integrates Seamlessly with Cherwell Service Management

Thousands of enterprises worldwide choose Cherwell Service Management, in part, because the platform is so easy to customize and configure. And now Tripwire’s configuration drift defense and compliance-automation capabilities can easily be incorporated into the Cherwell platform.

Integrating Tripwire Enterprise into the Cherwell platform further automates the process of managing change. When Tripwire detects a change, it is reported to the Cherwell platform. The Cherwell platform evaluates the change, and either approves it or generates an incident report.

If an incident report is generated, it will provide your staff with a wealth of information that will help streamline your team’s response to the problem. The incident report will even rate the likely impact of the incident on a numerical scale. Similarly, the incident report will assign a recommended priority to the incident.

Details provided by the incident report will include items such as:

  • What changed
  • Who changed it
  • When it changed
  • How it changed

Your staff will know far more than the simple fact that the canary stopped singing.

Cherwell Enables Easy Incorporation of the Best ITSM-Complimenting Capabilities

Cherwell customers can now easily implement Tripwire Enterprise with the Cherwell platform. And Cherwell’s mApp offers the same easy-integration/simplified-management for many other vendors. Capabilities include:

  • Risk Management
  • AIOps
  • Security
  • Dependency Mapping
  • CMDB
  • Cloud Management
  • Performance Management
  • Identity Management

Cherwell’s mApp can add capability to your ITSM platform without increasing management workload. And security-enhancing tools like Tripwire Enterprise can provide a critically important compliment to your ITSM capabilities. 

See how integrating Tripwire into your ITSM can prevent configuration drift.

Learn Now